Docs
COMING SOON
MACAT is mostly free (as in gratis) to use, but it is not currently Open-Source Software. I'm considering eventual Fair Source Licensing (delayed open source), but it may stay proprietary.
MACAT has some licensing restrictions and may not be used for Cybersecurity Consulting. Read the EULA carefully before use.
Yes, there's a Discord channel available here: https://discord.gg/MUB7fdRK46
I've started a GitHub page here for issue tracking and examples of planned external open source content: https://github.com/thebleucheese/macat-ext. Discord works too.
Review your EDR and put it in detect-only mode - sometimes called "Detection Mode", "Audit Mode", or "Passive Mode".
Even with an exception, your EDR should still capture system logging and telemetry for the commands that MACAT runs. The creation of scheduled tasks, addition of registry keys, or the use of the Windows API should trigger logging that makes its way to your central log aggregator, typically a SIEM.
This information should be enough to determine whether a block would have occurred or an alert was triggered for a given activity.
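One way to confirm that telemetry reached the SIEM while the EDR was in detect-only mode is to match each test action against exported events. This is an added example, not MACAT's own code or output format: the action records, the JSON export field names, and the host names are constructed assumptions, while the event IDs are standard Windows Security and Sysmon IDs.

```python
import json
from datetime import datetime, timedelta

# Event IDs that record the activity types named above. They only appear if the
# matching audit policy / Sysmon configuration is enabled on the endpoint.
# 4698 = "A scheduled task was created"; Sysmon 12/13 = registry key/value events.
EXPECTED = {
    "scheduled_task": {("Microsoft-Windows-Security-Auditing", 4698)},
    "registry_key": {("Microsoft-Windows-Sysmon", 12),
                     ("Microsoft-Windows-Sysmon", 13)},
}

# Constructed sample: actions performed during a test run (hypothetical format).
ACTIONS = [
    {"id": "a1", "type": "scheduled_task", "host": "WS01", "time": "2024-05-01T10:00:00"},
    {"id": "a2", "type": "registry_key", "host": "WS01", "time": "2024-05-01T10:05:00"},
    {"id": "a3", "type": "registry_key", "host": "WS02", "time": "2024-05-01T10:07:00"},
]

# Constructed sample: JSON-lines export from the SIEM (field names are assumptions).
SIEM_EXPORT = """\
{"host": "ws01", "provider": "Microsoft-Windows-Security-Auditing", "event_id": 4698, "time": "2024-05-01T10:00:02"}
{"host": "WS01", "provider": "Microsoft-Windows-Sysmon", "event_id": 13, "time": "2024-05-01T10:05:01"}
{"host": "WS02", "provider": "Microsoft-Windows-Sysmon", "event_id": 1, "time": "2024-05-01T10:07:01"}
"""

def coverage(actions, export_text, window_s=60, skew_s=5):
    """Return {action id: count of matching SIEM events} for each action."""
    events = [json.loads(line) for line in export_text.splitlines() if line.strip()]
    lo, hi = timedelta(seconds=-skew_s), timedelta(seconds=window_s)
    report = {}
    for a in actions:
        t0 = datetime.fromisoformat(a["time"])
        report[a["id"]] = sum(
            1 for e in events
            if e["host"].lower() == a["host"].lower()            # same endpoint
            and (e["provider"], e["event_id"]) in EXPECTED[a["type"]]
            and lo <= datetime.fromisoformat(e["time"]) - t0 <= hi  # near the action
        )
    return report

if __name__ == "__main__":
    for action_id, hits in coverage(ACTIONS, SIEM_EXPORT).items():
        status = "logged" if hits else "NO TELEMETRY IN SIEM"
        print(f"{action_id}: {status} ({hits} matching events)")
```

An action with zero matches points to a logging gap (audit policy, Sysmon configuration, or log forwarding) rather than an EDR decision, so fix those before judging detections.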